Sanesecurity ClamAV blog: zero hour malware, phishing and scams: Here is a document that you asked

Monday, 20 April 2015

Here is a document that you asked

Here is a document that you asked with zip attachment...

Headers:

From: {random email}
Subject: {random}

Message body:

hi

Here is a document that you asked

Attached to the email is a Zip file (Note: filename is random}

scan 59334.zip

Inside the Zip file is a Windows Executable file:

scan 59334.scr

Sha256 Hashes:

2191354418154983ab885cc8063bd5c9a50bda057794c61ee7556930e4f33fbb [1]

Malware Anti-Virus Reports:

VirusTotal Report: [1] (hits 2/57 Virus Scanners)
Malwr Report: [1]

Summary:

Creates a windows hook that monitors keyboard input (keylogger)
Creates Zeus (Banking Trojan) mutexes
Creates an Alternate Data Stream (ADS)
Installs itself for autorun at Windows startup

Cheers,
Steve
Sanesecurity.com

Sanesecurity ClamAV blog: zero hour malware, phishing and scams

Amazon3

Pages

Amazon

Monday, 20 April 2015

Here is a document that you asked

No comments: